Open Bug Bounty selected among the
Top 5 Bug Bounty programs to watch
in 2021 by The Hacker News

For security researchers
Report a Vulnerability
Submit, help fixing, get kudos.
For website owners
Start a Bug Bounty
Run your bounty program for free.
976,952 coordinated disclosures
615,407 fixed vulnerabilities
1,324 bug bounty programs, 2,655 websites
22,824 researchers, 1,310 honor badges

Amberlo Bug Bounty Program

Amberlo runs a bug bounty program to ensure the highest security and privacy of its websites. Everyone is eligible to participate in the program subject to the below-mentioned conditions and requirements of Amberlo

Open Bug Bounty performs triage and verification of the submissions. However, we never intervene to the further process of vulnerability remediation and disclosure between Amberlo and researchers.

Bug bounty program allow private and public submissions.

Bug Bounty Scope

The following websites are within the scope of the program:

test.amberlo.io

Non-Intrusive Submissions Handling

The following section encompasses submission of the vulnerabilities that do not require intrusive testing as per Open Bug Bounty rules:

- Cross Site Scripting (XSS)
- Open Redirect

- Cross Site Request Forgery (CSRF)
- Improper Access Control

General Requirements:

We have created Amberlo to provide better access to justice. Like any other technology, Amberlo is not perfect. Therefore we aim to work with the leading security researchers worldwide to strengthen Amberlo app security.

Please inform us about any security issues, and we will make sure that we fix them promptly in collaboration with you.

While researching, we'd like to ask you to avoid the following:
* Denial of service attacks
* Spamming
* Social engineering (including phishing) of Amberlo staff or contractors
* Any physical attempts against Amberlo property or data centers

Thank you for helping keep the Amberlo app and our users safe!

Testing Requirements:

We have mirrored our production environment and created new environment for testing at test.amberlo.io. Please use test.amberlo.io while researching, but try to avoid anything that would result in an extreme load on the prepared test environment.

Possible Awards:

Amberlo offers a monetary bounty for reports of qualifying security vulnerabilities. Reward amounts will vary based on the severity of the reported vulnerability and agreed upon case by case.

Community Rating

Provided by security researchers who reported security vulnerabilities via this bug bounty program:

 
Response Time  Information How quickly researchers get responses to their submissions.
Remediation Time  Information How quickly reported submissions are fixed.
Cooperation and Respect  Information How fairly and respectfully researchers are being treated.

Researcher's comments

ajaysenr     28 January, 2021
    ajaysenr:
Thanks Team for the reward and quick response, Appreciate it.
B19R8A14     25 January, 2021
    B19R8A14:
hello, i have reported the vulnerability via email please check
shankarvemula01     21 January, 2021
    shankarvemula01:
HELLO TEAM,

I AM REPORTING VIA EMAIL THAT SUPPORTMAILS

PLEASE CHECK EMAILS FROM SHANKARSECU

  Latest Patched

 18.05.2021 bancodevenezuela.com
 18.05.2021 weglot.com
 18.05.2021 hjcp77.me
 18.05.2021 www2.cdc.gov
 18.05.2021 world68.com
 17.05.2021 freewebsubmission.com
 17.05.2021 aihami.com
 17.05.2021 lacentrale.fr
 17.05.2021 ces.tech
 17.05.2021 uniapp.me

  Latest Blog Posts

25.04.2021 by ParanjpeSanmarg
Testing Subdomain Takeover Vulnerability
11.04.2021 by Open Bug Bounty
Better Notifications Mechanism
28.03.2021 by febin_rev
Windows Stack Buffer Overflow in a real life app — Exploit development — CloudMe_1.11.2 Buffer Overflow-CVE-2018–6892
10.02.2021 by Renzi25031469
Sysadminotaur nº88
10.02.2021 by Open Bug Bounty
Higher Submissions Quality Standard

  Recent Recommendations

@Onizuka961     16 May, 2021
    Twitter Onizuka961:
Thanks Jenny For Reporting issue for us , Very Professional , quick response
@philippejadin     14 May, 2021
    Twitter philippejadin:
Thank you for reporting an issue with the presentation website of the project and for the quick replies !
@DjMagrao_     11 May, 2021
    Twitter DjMagrao_:
Thanks for founding xss errors on my website and fixing then.
@DouglasRao42     10 May, 2021
    Twitter DouglasRao42:
Profissional competente que tem contribuído ativamente no campo da segurança da informação.
@obb20210429     6 May, 2021
    Twitter obb20210429:
Thanks for a quick and useful report that helped us find and resolve the issue.